Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Sat, 18 Apr 2020 23:05:01 +0200
From: Adam Zabrocki <pi3@....com.pl>
To: lkrg-users@...ts.openwall.com
Subject: Re: testing LKRG

Hi,

On Sat, Apr 18, 2020 at 07:01:29PM +0000, Mikhail Klementev wrote:
> Hello,
> 
> I have a collection of exploits: https://github.com/jollheef/lpe
> 
> It's based on the tool https://github.com/jollheef/out-of-tree
> 

Thanks Mikhail for the links and your work :)

> If you'll make an LKRG integration for the tool (it already has the
> ability to disable/enable mitigations), then you get the ability to
> test any exploits that already use out-of-tree.
> 
> On Sat, Apr 18, 2020 at 06:20:47PM +0000, Patrick Schleizer wrote:
> > Are there any tests that one could perform to check if LKRG is functional?
> > 
> > I.e. such as are there are proof of concept exploits that still (and
> > will continue) to work against recent kernels? Maybe no longer
> > exploitable but still something LKRG would kill? Or some other method to
> > make LKRG do something?
> > 

I've my private repo of exploits against vulnerable kernel module which I've 
written (basic one). However, It does not cover all LKRG's functionalities. 
Rest of them I'm manually emulating under debugger.

Thanks,
Adam

> > Background is I am wondering what LKRG would output to dmesg if an
> > actual exploit would be stopped with log_level 1 (or 0) and it's a bit
> > tedious to downgrade the kernel to run a documented proof of concept
> > exploit from that time.
> > 
> > Kind regards,
> > Patrick
> 
> -- 
> Mikhail Klementev,
> https://dumpstack.io

-- 
pi3 (pi3ki31ny) - pi3 (at) itsec pl
http://pi3.com.pl

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.